From: Stefan Kangas <stefan@marxist.se>
To: Lars Ingebrigtsen <larsi@gnus.org>
Cc: 37420@debbugs.gnu.org
Subject: bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
Date: Mon, 16 Sep 2019 23:50:33 +0200 [thread overview]
Message-ID: <CADwFkmnLuO_4vdV7K+MRtPWxas_4vQXPWeLPpKoZVg=pALU9-A@mail.gmail.com> (raw)
In-Reply-To: <87ef0grneg.fsf@gnus.org>
[-- Attachment #1: Type: text/plain, Size: 283 bytes --]
Lars Ingebrigtsen <larsi@gnus.org> writes:
> Looks good.
Thanks.
As I was playing around with this a bit more, I also came up with
another patch (attached) to be committed on top of the first one.
This patch adds tests and makes some minor doc fixes.
Best regards,
Stefan Kangas
[-- Attachment #2: 0001-Add-tests-for-secure-hash-and-improve-doc-string.patch --]
[-- Type: text/x-patch, Size: 4090 bytes --]
From 64ba95dd564f22910b48f8644db4013f9fe65eb1 Mon Sep 17 00:00:00 2001
From: Stefan Kangas <stefankangas@gmail.com>
Date: Mon, 16 Sep 2019 23:39:58 +0200
Subject: [PATCH] Add tests for secure-hash and improve doc string
* src/fns.c (Fsecure_hash_algorithms): Fix typo.
(Fsecure_hash): Add algorithm list to doc string.
* test/src/fns-tests.el (test-secure-hash): New test.
---
src/fns.c | 11 ++++++++++-
.../emacs-lisp/package-resources/archive-contents | 5 ++++-
test/src/fns-tests.el | 15 +++++++++++++++
3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/fns.c b/src/fns.c
index df921e28f3..5f53e596a1 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -5084,7 +5084,7 @@ make_digest_string (Lisp_Object digest, int digest_size)
DEFUN ("secure-hash-algorithms", Fsecure_hash_algorithms,
Ssecure_hash_algorithms, 0, 0, 0,
- doc: /* Return a list of all the supported `secure_hash' algorithms. */)
+ doc: /* Return a list of all the supported `secure-hash' algorithms. */)
(void)
{
return list (Qmd5, Qsha1, Qsha224, Qsha256, Qsha384, Qsha512);
@@ -5390,6 +5390,15 @@ DEFUN ("secure-hash", Fsecure_hash, Ssecure_hash, 2, 5, 0,
ALGORITHM is a symbol specifying the hash to use:
md5, sha1, sha224, sha256, sha384 or sha512.
+These symbols corresponds to the following hashing algorithms:
+
+ md5 - MD5
+ sha1 - SHA-1
+ sha224 - SHA-2 / SHA-224
+ sha256 - SHA-2 / SHA-384
+ sha384 - SHA-2 / SHA-384
+ sha512 - SHA-2 / SHA-512
+
The two optional arguments START and END are positions specifying for
which part of OBJECT to compute the hash. If nil or omitted, uses the
whole OBJECT.
diff --git a/test/lisp/emacs-lisp/package-resources/archive-contents b/test/lisp/emacs-lisp/package-resources/archive-contents
index e2f92304f8..fbbcdfa640 100644
--- a/test/lisp/emacs-lisp/package-resources/archive-contents
+++ b/test/lisp/emacs-lisp/package-resources/archive-contents
@@ -1,9 +1,12 @@
+;; RFC3339 timestamp
+;; Last-Updated: 2014-01-16T05:43:35.000Z
(1
(simple-single .
[(1 3)
nil "A single-file package with no dependencies" single
((:url . "http://doodles.au")
- (:keywords quote ("frobnicate")))])
+ (:keywords quote ("frobnicate"))
+ (:hash )])
(simple-depend .
[(1 0)
((simple-single (1 3))) "A single-file package with a dependency." single])
diff --git a/test/src/fns-tests.el b/test/src/fns-tests.el
index 7d56da77cf..5be9a9eb7b 100644
--- a/test/src/fns-tests.el
+++ b/test/src/fns-tests.el
@@ -858,4 +858,19 @@ test-hash-function-that-mutates-hash-table
(puthash k k h)))
(should (= 100 (hash-table-count h)))))
+(ert-deftest test-secure-hash ()
+ (should (equal (secure-hash 'md5 "foobar") "3858f62230ac3c915f300c664312c63f"))
+ (should (equal (secure-hash 'sha1 "foobar") "8843d7f92416211de9ebb963ff4ce28125932878"))
+ (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3"
+ "8c3c5e258988ab525f941db8")))
+ (should (equal (secure-hash 'sha256 "foobar") (concat "c3ab8ff13720e8ad9047dd39466b3c89"
+ "74e592c2fa383d4a3960714caef0c4f2")))
+ (should (equal (secure-hash 'sha384 "foobar") (concat "3c9c30d9f665e74d515c842960d4a451"
+ "c83a0125fd3de7392d7b37231af10c72"
+ "ea58aedfcdf89a5765bf902af93ecf06")))
+ (should (equal (secure-hash 'sha512 "foobar") (concat "0a50261ebd1a390fed2bf326f2673c14"
+ "5582a6342d523204973d0219337f8161"
+ "6a8069b012587cf5635f6925f1b56c36"
+ "0230c19b273500ee013e030601bf2425"))))
+
(provide 'fns-tests)
--
2.20.1
next prev parent reply other threads:[~2019-09-16 21:50 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-16 8:53 bug#37420: [PATCH] Recommend against SHA-1 for security-related applications Stefan Kangas
2019-09-16 11:21 ` Lars Ingebrigtsen
2019-09-16 20:29 ` Stefan Kangas
2019-09-16 20:34 ` Lars Ingebrigtsen
2019-09-16 21:50 ` Stefan Kangas [this message]
2019-09-16 22:25 ` Lars Ingebrigtsen
2019-09-17 9:17 ` Stefan Kangas
2019-09-17 6:05 ` Eli Zaretskii
2019-09-17 13:37 ` Robert Pluim
2019-09-28 10:19 ` Stefan Kangas
2019-09-28 19:55 ` Lars Ingebrigtsen
2019-10-04 15:33 ` Stefan Kangas
2019-09-17 5:50 ` Eli Zaretskii
2019-09-17 9:09 ` Stefan Kangas
2019-09-17 11:53 ` Eli Zaretskii
2019-09-17 12:08 ` Stefan Kangas
2019-09-17 12:14 ` Stefan Kangas
2019-09-20 18:50 ` Stefan Kangas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CADwFkmnLuO_4vdV7K+MRtPWxas_4vQXPWeLPpKoZVg=pALU9-A@mail.gmail.com' \
--to=stefan@marxist.se \
--cc=37420@debbugs.gnu.org \
--cc=larsi@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).